Cybercriminals have launched at least 16 Conti ransomware attacks against healthcare and first responder networks, according to an FBI alert. Hackers targeted law enforcement agencies, emergency medical services, 911 dispatch centers and municipalities during these attacks.
Furthermore, Ireland's Health Service Executive (HSE) shut down its networks in May 2021 following a Conti attack, Reuters reported. The attack disrupted HSE's diagnostic services and coronavirus (COVID-19) testing and forced hospitals to cancel appointments.
Conti attackers steal victims' files and encrypt servers and workstations, the FBI indicated. They do so in the hopes of getting victims to submit ransom payments.
During a Conti attack, a hacker attempts to illegally access a victim's network via malicious email links, attachments or stolen Remote Desktop Protocol (RDP) credentials, the FBI stated. The hacker weaponizes Word documents with embedded PowerShell scripts, which provide him or her with the access required to deploy ransomware.
Typically, Conti actors can be found within a victim's network between four days and three weeks after ransomware is deployed, according to the FBI. They use tools available on the network and add tools as needed to escalate privileges and move laterally through the network before exfiltrating and encrypting data.
Conti has been used in attacks against over 400 organizations worldwide, the FBI noted. In addition, at least 290 of the organizations involved in Conti attacks were based out of the United States.
How to Guard Against Conti Ransomware Attacks
The FBI offers several tips to help organizations guard against Conti ransomware attacks, including:
- Perform regular data backups
- Ensure copies of data are not accessible for modification or deletion from the system where the information resides
- Segment networks
- Implement a data recovery plan
- Install updates and patch operating systems, software and firmware
- Use multi-factor authentication
- Use strong passwords and update them regularly
- Disable unused remote access and RDP ports and monitor remote access/RDP logs
The FBI also recommends cybersecurity awareness training to educate employees about Conti and other cyber threats. This training can help employees understand the dangers associated with cyberattacks and plan accordingly.
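As an illustration of the recommendation to monitor remote access/RDP logs, the following added example (not taken from the FBI alert or this article) reviews Windows Security logon events for successful RDP sessions that fit the stolen-credential pattern described above. The CSV layout, the sample rows, INTERNAL_NETS, BASELINE and the failure threshold are all assumptions constructed for the example.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample rows: time, event_id, logon_type, account, source_ip
SAMPLE_LOG = """\
2021-05-20T08:01:00,4624,10,alice,10.0.5.21
2021-05-21T02:10:00,4625,3,svc_backup,203.0.113.7
2021-05-21T02:10:05,4625,3,svc_backup,203.0.113.7
2021-05-21T02:10:09,4625,3,svc_backup,203.0.113.7
2021-05-21T02:10:30,4624,10,svc_backup,203.0.113.7
2021-05-21T03:00:00,4624,10,alice,10.0.9.80
2021-05-21T03:05:00,4624,3,alice,10.0.9.80
"""

# Assumption: the site's internal address plan.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Assumption: source hosts each account is known to use for RDP.
BASELINE = {"alice": {"10.0.5.21"}, "svc_backup": {"10.0.2.4"}}


def find_suspicious_rdp(log_text, baseline, fail_threshold=3):
    """Return (time, account, ip, reasons) for successful RDP logons worth review."""
    failures = defaultdict(int)
    alerts = []
    for time, event_id, logon_type, account, ip in csv.reader(io.StringIO(log_text)):
        # 4625 = failed logon; with NLA enabled, RDP failures are logged as type 3.
        if event_id == "4625" and logon_type in ("3", "10"):
            failures[(account, ip)] += 1
            continue
        # 4624 with logon type 10 = successful RemoteInteractive (RDP) logon.
        if event_id != "4624" or logon_type != "10":
            continue
        reasons = []
        if ip not in baseline.get(account, set()):
            reasons.append("new source for account")
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in INTERNAL_NETS):
            reasons.append("source outside internal networks")
        if failures[(account, ip)] >= fail_threshold:
            reasons.append("success after repeated failures")
        if reasons:
            alerts.append((time, account, ip, reasons))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_rdp(SAMPLE_LOG, BASELINE):
        print(alert)
```

A logon that matches the baseline and comes from an internal address produces no alert, so the output is limited to sessions that need a human decision.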